GreyNoise has already observed attempts to exploit the vulnerability in real-world scenarios. The docker image version in OpenAI’s example is affected by a potentially serious information disclosure vulnerability (CVE-2023-28432 to be specific). GreyNoise discovered that the code examples offered by OpenAI for integrating plugins with the new feature included a docker image for the MinIO distributed object storage system. The company has reached out to affected users and assured users that there is no ongoing threat to user data.Īround the same time, GreyNoise, a threat intelligence firm, issued a warning regarding a new ChatGPT feature that expands the chatbot’s data collection abilities via plugins. The Redis-py library functions as a Python interface in this process. Developers use Redis as a means of caching user information on their server, which prevents the need to consult the database for each request. Furthermore, the glitch revealed sensitive data, including names, email addresses, card expiration dates, payment addresses, and the last four digits of card numbers.Īlthough OpenAI stated that the information was exposed during a nine-hour period on March 20, it admitted that data leaks might have occurred before that date. During this modification, a bug was accidentally introduced which exposed user data. Upon investigating the matter, OpenAI found that the breach exposed the titles of active users’ chat histories and the initial message of new conversations. However, this solution ended up allowing users to access each other’s data temporarily. During this modification, a bug was accidentally introduced which exposed user data.ĭevelopers use Redis as a means of caching user information on their server, which prevents the need to consult the database for each request. Cabe destacar que al ser la primera vez que se configura el perfil en la aplicacin Qustodio app de Play Store y App Store, debe especificar si se trata de un dispositivo. The issue originated from ChatGPT’s utilization of Redis-py, an open-source Redis client library, which was impacted by a modification introduced by OpenAI on March 20. Tanto para sistema operativo Mac y Windows o windows mac, cuenta con la opcin de repetir la configuracin que determin para su cuenta en cualquier otra que seleccione. OpenAI, the organization behind ChatGPT, has confirmed a data breach caused by an issue in an open-source library.Īfter a glitch, which inadvertently allowed people to access chat data from other users and resulted in a data breach, OpenAI developers temporarily took ChatGPT down while they worked to identify the problem.
0 Comments
Leave a Reply. |